A cyber-security workbook can help achieve good practice
A common feature of cyber-security’s its general lag behind cyber-threats. Data Breach Incident Response Workbook, from AllClear ID, a cyber-security company, provides general guidance and assistance in developing security standards. It’s essential for Africa’s eHealth.
Health IT Security says it provides an outline and recommendations for a start to planning well-orchestrated responses to a data compromises. The next step’s engaging external stakeholders. An essential theme’s ensuring plans are recorded and tested thoroughly to achieve effective financial and operational responses to cyber-attacks.
Its contents include:
- The cyber-threat world and operational and reputational damage
- Anatomy of a data breach
- Preparing for a data breach
- Building a strong internal response team
- Data breach checklist
- Data breach notifications
- The Incident Response Plan Guide.
Incident response teams shouldn’t be just from ICT teams. They should draw and appoint an incident lead from:
- Executive management
- Customer and patient services
- Risk management and security
- Compliance and audit
- Public relations.
The checklist should document everything that happens and is discovered. Prompt action’s vital, so every action needs fitting into a timeline. Actions include:
- Implement the data breach incident response plan
- Specify the information needed for reporting summaries
- Identify the problem
- Start the incident reporting process
- If the data breach could harm a person or business, contact local police
- Create an incident summary report for executives
- Create a technical incident summary report.
The Incident Response Plan checklist’s comprehensive. It includes important advice: “Continuously update the information in the contact lists and other documents – don’t get caught in an emergency with outdated information.” It’s obvious, but an elementary error to avoid.